package com.zhou.common.mybatis.template.shiro.zhou.filter;

import com.zhou.common.mybatis.template.shiro.zhou.entity.UserCenterAuthenticationToken;
import org.springframework.core.log.LogMessage;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.session.NullAuthenticatedSessionStrategy;
import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.web.filter.GenericFilterBean;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

public class UserCenterLoginFilter extends GenericFilterBean {

    private static final AntPathRequestMatcher DEFAULT_ANT_PATH_REQUEST_MATCHER = new AntPathRequestMatcher("/login/pwd",
            "POST");

    private SessionAuthenticationStrategy sessionStrategy = new NullAuthenticatedSessionStrategy();

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        doFilter((HttpServletRequest) request, (HttpServletResponse) response, chain);
    }

    private void doFilter(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        if (!requiresAuthentication(request, response)) {
            chain.doFilter(request, response);
            return;
        }
        String username = request.getParameter("username");
        username = (username != null) ? username : "";
        username = username.trim();
        String password = request.getParameter("password");
        password = (password != null) ? password : "";

        UserCenterAuthenticationToken authenticationToken=new UserCenterAuthenticationToken(username,"TOKEN");
        SecurityContextHolder.getContext().setAuthentication(authenticationToken);
 /*       1.forward

        request.getRequestDispatcher("new.jsp").forward(request, response);   //转发到new.jsp
        2.redirect

        response.sendRedirect("new.jsp");   //重定向到new.jsp*/
        this.sessionStrategy.onAuthentication(authenticationToken, request, response);
        request.getRequestDispatcher("/login/pwd1").forward(request, response);

    }


    protected boolean requiresAuthentication(HttpServletRequest request, HttpServletResponse response) {
        if (this.DEFAULT_ANT_PATH_REQUEST_MATCHER.matches(request)) {
            return true;
        }
        if (this.logger.isTraceEnabled()) {
            this.logger
                    .trace(LogMessage.format("Did not match request to %s", this.DEFAULT_ANT_PATH_REQUEST_MATCHER));
        }
        return false;
    }

    public SessionAuthenticationStrategy getSessionStrategy() {
        return sessionStrategy;
    }

    public void setSessionStrategy(SessionAuthenticationStrategy sessionStrategy) {
        this.sessionStrategy = sessionStrategy;
    }
}
